RaaS
Cybersecurity statistics about raas
Showing 1-12 of 12 results
Akira, a Ransomware-as-a-Service operation that has run since 2023, drove a 53% increase in ransomware frequency in the second half of 2025.
The Gentlemen ransomware group increased from 35 victims in Q4 2025 to 182 victims in Q1 2026.
Akira accounted for more than 40% of all ransomware claims in At-Bay’s portfolio for the full year.
86% of Akira attacks occurred in environments where a SonicWall device was present.
Activity from the Qilin ransomware group declined by 25% and activity from the Akira ransomware group declined by 22%.
Akira ransom demands averaged $1.2M, which is 50% higher than the non-Akira average.
Two-thirds of Akira attacks in 2025 occurred on nights or weekends.
Qilin affiliates take home a significant portion of their ransom payments (up to 80 - 85%), higher than typical RaaS payout structures.
Ransomware-as-a-Service (RaaS) groups were responsible for over 87% of all ransomware attacks.
Fewer new RaaS programs (-17.9%), but overall activity continued to expand.
10% to 15% of revenue was offered as a split for the core operator within the RaaS ecosystem.
The Dragon RaaS emerged in 2024.